Return-Path:
MIME-Version: 1.0
In-Reply-To: <99B09243E1A5DA4898CDD8B700111448096BA3C277@EXMB04.eu.tieto.com>
References: <99B09243E1A5DA4898CDD8B700111448096BA3C23C@EXMB04.eu.tieto.com> <99B09243E1A5DA4898CDD8B700111448096BA3C277@EXMB04.eu.tieto.com>
Date: Thu, 5 Aug 2010 18:13:39 +0530
Message-ID:
Subject: Re: L2cap Security And Role Switch
From: "Prabhakaran M.C"
To: Waldemar.Rymarkiewicz@tieto.com
Cc: linux-bluetooth@vger.kernel.org
Content-Type: text/plain; charset=ISO-8859-1
Sender: linux-bluetooth-owner@vger.kernel.org
List-ID:

Hi,

2010/8/5 :
> Hi,
>
>>-----Original Message-----
>>From: Prabhakaran M.C [mailto:mcprabhakaran@gmail.com]
>>Sent: Thursday, August 05, 2010 12:38 PM
>>To: Rymarkiewicz Waldemar
>>Cc: linux-bluetooth@vger.kernel.org
>>Subject: Re: L2cap Security And Role Switch
>>
>>Hi Waldek,
>>
>>On Thu, Aug 5, 2010 at 3:37 PM,
>> wrote:
>>> Hi,
>>>
>>>>-----Original Message-----
>>>>From: linux-bluetooth-owner@vger.kernel.org
>>>>[mailto:linux-bluetooth-owner@vger.kernel.org] On Behalf Of
>>>>Prabhakaran M.C
>>>>Sent: Wednesday, August 04, 2010 4:09 PM
>>>>To: linux-bluetooth@vger.kernel.org
>>>>Subject: Reg: L2cap Security And Role Switch
>>>>
>>>>Hello All,
>>>>
>>>> Whenever L2cap security is HIGH and remote device does role switch,
>>>>Bluez accepts the Role switch and L2cap disconnects the channel
>>>>because of HIGH security.
>>>>
>>>> For PAN profile, I would like to keep the L2cap security to HIGH
>>>>since it involves internet browsing but the Widcomm stack always does
>>>>a role switch in PAN connection and Bluez disconnects l2cap channel.
>>>>
>>>> Can someone please point in specification about the l2cap security
>>>>level and Role switch relation. I tried to find out this but I could
>>>>not get this behavior described in specification. Please provide your
>>>>comments and inputs. Thanks in Advance.
>>>>
>>>>Thanks,
>>>>Prabhakaran.
>>>>--
>>>
>>> Note that HIGH sec level requires encryption on the link.
>>> Role switch procedure turn off the encryption before it
>>> starts switching roles and turn on it again after all. In 2.1
>>> spec the controller handles switching off/on encryption (pause/resume).
>>>
>>> Thanks,
>>> /Waldek
>>
>> From the logs, the link was authenticated and encrypted.
>>Then Widcomm stack disables the encryption, does a role
>>switch, enables the encryption.
>>After role switch bluez kernel disconnects l2cap channel due
>>to HIGH security. I just want to know where this disconnection
>>part is defined in spec. Or Bluez has to just reject the role
>>switch operation instead of disconnection?
>>
>>--
>>Thanks,
>>Prabhakaran.
>
> As far as I know it's not defined in the spec. It's simply Bluez design. What I would like to see, the bluez should block outgoing data flow in l2cap for the period of role switch.
> It's done in rfcomm this way, I guess (?).
>
> I agree, in my view the current design in this use case is not perfect.
>
> Thanks,
> /Waldek
>

Thanks for your response.

One small correction here (My Bad). The l2cap channel is getting closed
because encryption of the link goes down during role switch.
"l2cap_check_encryption" function validates the encryption, if it is
disabled and security is high then channel is getting closed by this
function.

Please let me know your comments about this.

--
Thanks,
Prabhakaran.
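
The two behaviours discussed in this thread, as an added C model that is not part of the original messages and is not BlueZ code: closing a high-security channel when link encryption drops, versus holding outgoing data until encryption resumes. All names are hypothetical, the event sequence is constructed from the description in the thread, and the hold timeout that closes the channel if encryption never returns is an assumption added here.

```c
#include <stdbool.h>
/* Hypothetical model for illustration; none of these names are BlueZ symbols. */
enum chan_state { CHAN_OPEN, CHAN_HELD, CHAN_CLOSED };
enum policy { CLOSE_ON_DROP, HOLD_TX };
enum link_event { EV_ENCRYPT_OFF, EV_ROLE_SWITCH, EV_ENCRYPT_ON, EV_HOLD_TIMEOUT };
struct chan {
    bool high_sec;        /* channel requires an encrypted link */
    bool encrypted;       /* current link encryption state */
    enum chan_state state;
    unsigned tx_plain;    /* frames that left while the link was unencrypted */
};

static void on_event(struct chan *c, enum policy p, enum link_event ev)
{
    if (c->state == CHAN_CLOSED) return;  /* a closed channel stays closed */
    switch (ev) {
    case EV_ENCRYPT_OFF:
        c->encrypted = false;
        if (c->high_sec)  /* close as described in the thread, or hold instead */
            c->state = (p == CLOSE_ON_DROP) ? CHAN_CLOSED : CHAN_HELD;
        break;
    case EV_ENCRYPT_ON:
        c->encrypted = true;
        if (c->state == CHAN_HELD)
            c->state = CHAN_OPEN;
        break;
    case EV_HOLD_TIMEOUT: /* assumption: fail closed if encryption never resumes */
        if (c->state == CHAN_HELD)
            c->state = CHAN_CLOSED;
        break;
    default: break;       /* EV_ROLE_SWITCH alone does not touch the channel */
    }
}

static void chan_send(struct chan *c)
{
    if (c->state == CHAN_OPEN && !c->encrypted)
        c->tx_plain++;    /* only an open channel puts data on the air */
}
/* Replays the constructed sequence: encryption off, role switch, then on or timeout. */
static enum chan_state replay(enum policy p, bool high_sec, bool resumes, unsigned *plain)
{
    struct chan c = { high_sec, true, CHAN_OPEN, 0 };
    on_event(&c, p, EV_ENCRYPT_OFF);  chan_send(&c);
    on_event(&c, p, EV_ROLE_SWITCH);  chan_send(&c);
    on_event(&c, p, resumes ? EV_ENCRYPT_ON : EV_HOLD_TIMEOUT);  chan_send(&c);
    *plain = c.tx_plain;
    return c.state;
}
int main(void) { unsigned n; return replay(HOLD_TX, true, true, &n) == CHAN_OPEN ? 0 : 1; }
```

In this model both policies keep `tx_plain` at zero for a high-security channel; they differ only in whether the channel survives the role switch.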